LinuxQuestions.org


alejandroye 10-20-2006 08:53 PM

How to configure my network for Internet access
 
Hello

I have 3 computers at home (1 server, 1 Linux client, and XP), all 3 connected through a Linksys router, but I want to use the Linux server as a firewall so that the Linux client and XP get access to the Internet through the server, and filter the access by speed, IPs, sites, etc. I am using Mandriva for Linux and XP for Windows.

How can I configure this?

Thank you in advance

Ale

Galaxy_Stranger 10-21-2006 12:41 AM

Use one as a gateway. It should have 2 NICs in it.

jschiwal 10-21-2006 01:13 AM

Mandriva has a gateway setup wizard which should make configuring NAT easy. (drakegw)
You may want to install and configure a DHCP server. The LAN side of the Mandriva host will be the gateway for the other hosts. As to blocking sites, google for "DansGuardian blacklist" or "SquidGuard blacklist". This is the part that will take a lot of work, because blocking sites due to content uses a proxy firewall rather than simply adding iptables rules. One alternative, if you simply want to block certain IP addresses, could be to provide a DNS service to the LAN side that will substitute your own server address if the domain name is in a blacklist.

Here is an article you may find useful: http://www.linuxjournal.com/article/6807

Here is a thread from someone wanting to control web access in a school library:
http://www.linuxquestions.org/questi...=398226&page=2

This link may also be useful:
http://www.cecea.org/jojo/cleanweb/

As I understand it, SquidGuard is more open, whereas DansGuardian's blacklist is a subscription. However, using DansGuardian you can screen the content of web pages that are not on a blacklist.

alejandroye 10-21-2006 07:34 AM

Will I lose any connection speed doing this in my network?

jschiwal 10-21-2006 01:26 PM

If you have very long netfilter rules to filter out 100,000 blacklisted IP addresses, that can slow down the connection. I think that DansGuardian and SquidGuard will use the Berkeley Database to hold the blacklist, which will speed things up, and they claim that they don't load down a computer too much. Also, a proxy or transparent proxy server has more to do since it also examines the contents of the packets, and that takes time as well. A large installation that uses transparent proxies to block traffic might use a small rack of blade servers and squid to balance the number of connections between a number of processors. However, in your case this won't be necessary.

You may already be behind a transparent proxy without knowing it. Many ISPs run proxy servers to cache internet traffic in order to save bandwidth.

You might want to try using Google with the terms: site:www.tldp.org proxy
There are distros that are designed to run on older retired machines and run as firewalls. It would also be better for security to use a dedicated machine. Such a machine would actually have very little installed, so it would run faster than it would if configured as a workstation. It probably wouldn't even have X windows installed. If only the absolute minimum is installed, there are fewer potential targets of opportunity for hackers to try to attack. Then you can free up your main workstation of these duties and since it is entirely inside the firewall, be less paranoid about the services you offer to the LAN.
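
The point above about very long netfilter rule lists can be illustrated with a hashed address set matched by a single rule. This is an added example, not part of the thread: it assumes ipset is available on the gateway (the thread does not mention it), and the set name `blacklist` and the input file format are hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread). Assumes ipset is installed on the gateway;
# the set name "blacklist" and the input file format are hypothetical.

# Succeed only if $1 is a dotted-quad IPv4 address with octets 0..255.
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        case "$octet" in 0?*|????*) return 1 ;; esac   # no leading zeros, max 3 digits
        [ "$octet" -le 255 ] || return 1
    done
}

# Read file $1 (one address per line, '#' comments allowed) and print
# `ipset restore` commands; invalid entries are reported on stderr.
blacklist_to_ipset() {
    set_name=${2:-blacklist}
    echo "create $set_name hash:ip family inet maxelem 262144"
    sed -e 's/#.*//' -e 's/[[:space:]]//g' -e '/^$/d' "$1" | sort -u |
    while read -r addr; do
        if is_ipv4 "$addr"; then
            echo "add $set_name $addr"
        else
            echo "skipped invalid entry: $addr" >&2
        fi
    done
}

# Constructed sample input (documentation address ranges plus bad lines).
sample_blacklist() {
    printf '%s\n' '# constructed sample' '192.0.2.10' '198.51.100.7  # dup below' \
        '192.0.2.10' '300.1.1.1' 'example.org' '203.0.113.99'
}

tmp=$(mktemp) && sample_blacklist > "$tmp" && blacklist_to_ipset "$tmp"; rm -f "$tmp"

# On the gateway (as root) the output replaces thousands of per-address rules:
#   ipset -exist restore < blacklist.ipset
#   iptables -I FORWARD -m set --match-set blacklist dst -j DROP
```

The set is looked up by hash, so the cost of the single FORWARD rule does not grow with each address added the way a chain of per-address rules does.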


All times are GMT -5.